141 matches found
EUVD-2026-35340
A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
EUVD-2026-35338
Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...
Fortinet FortiADC Information Disclosure Vulnerability
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiADC, which stems from the exposure of sensitive information and could lead to obtaining passwords for external resources. The following versions are affected...
CVE-2025-3450
An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions...
EUVD-2019-6811
Malware in sbrugna...
EUVD-2019-19211
Malware in sbrugna...
EUVD-2020-15575
Malware in sbrugna...
EUVD-2020-7821
Malware in sbrugna...
EUVD-2024-23214
Malicious code in bioql PyPI...
EUVD-2023-32291
Malicious code in bioql PyPI...
EUVD-2024-23215
Malicious code in bioql PyPI...
EUVD-2023-57637
Malicious code in bioql PyPI...
EUVD-2024-23213
Malicious code in bioql PyPI...
EUVD-2022-49642
Malicious code in bioql PyPI...
Graylog Authorization Issue Vulnerability
Graylog is a centralized log management solution from Graylog, Inc. in the United States. The product supports capturing, storing, and analyzing logs in real time, among other things. An authorization issue vulnerability exists in Graylog versions prior to 6.2.0 to 6.2.4 and 6.3.0-alpha.1 to...
Security advisory: Recently reported incomplete cleanup issue in Qt's Schannel handling can impact Qt
There is an "Incomplete Cleanup" problem in Qt’s Schannel handling when it is used to provide a server handling incoming TLS connections. This has been assigned the CVE id CVE-2025-6338. Affected versions: This issue affects only the Schannel functionality on Windows if it is turned on in Qt 5.15...
CVE-2023-46623
Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2...
CVE-2023-5311
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the...
CVE-2022-46818
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2...
CVE-2021-36192
An exposure of sensitive information to an unauthorized actor (CWE-200) vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS...